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This listing of claims will replace all prior versions, and listings, of claims in the application. 
Listing of Claims: 

1 . (Currently Amended) A method for maintaining the security of a secured 
execution environment on a system comprising said secured execution environment and a 
second execution environment both on a single computing device, the method comprising: 

accepting at the second execution environment a flow of user input from a trusted 
input device; 

initially directing the accepted flow of user input from the second execution 
environment to the secured execution environment; 

determining at the secured execution environment whether said secured execution 
environment is in a standard input mode; 

subsequently directing the initially directed flow of user input at the secured execution 
environment based on the input mode of the secured execution environment including if said 
secured execution environment is in a standard input mode, transferring at least a first portion 
of said user input to said second execution environment; 

determining at the secured execution environment from the initially directed flow of 
user input at such secured execution environment whether said user input comprises a user 
NIM indication that said secured execution environment should be in a nexus input mode; 
and 

if said user input comprises said user NIM indication and said secured execution 
environment is not in said nexus input mode, switching said secured execution environment 
to said nexus input mode, said user NIM indication being the only way to initiate a transition 
from said standard input mode to said nexus input mode, there being at least two ways to 
transition from said nexus input mode to said standard input mode at least one of which is not 
a symmetrical counterpart of said user NIM indication. 

2. (Original) The method of claim 1, further comprising: 
decrypting said user input. 



3. (Original) The method of claim 1, further comprising: 
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if said secured execution environment is in a nexus input mode, determining a specific 
process running in said secured execution environment to which said user input is directed; 
and 

directing said user input to said specific process. 

4. (Canceled) 

5. (Previously presented) The method of claim 1, where said user NIM indication 
comprises a combination of keystrokes on a keyboard. 

6. (Previously presented) The method of claim 1, where said user NIM indication 
comprises a programmatic activation of a process running in said secured execution 
environment. 

7. (Original) The method of claim 6, where said programmatic activation of a 
first process running in said secured execution environment comprises selecting a graphical 
user interface element corresponding to said process. 

8. (Original) The method of claim 7, where said graphical user interface element 
is a shadow graphical user interface element displayed using a second process, where said 
process is running on said second execution environment, and where said shadow graphical 
user interface element corresponds to a secured graphical user interface element displayed by 
said first process. 

9. (Original) The method of claim 1, further comprising: 

determining whether said user input comprises a user SIM indication that said secured 
execution environment should be in said standard input mode; and 

if said user input comprises said user SIM indication and said secured execution 
environment is not in said standard input mode, switching said secured execution 
environment to said standard input mode. 
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10. (Original) The method of claim 9, where said user SIM indication comprises a 
combination of keystrokes on a keyboard. 

1 1 . (Original) The method of claim 9, where said user SIM indication comprises 
an action which results in a display with no graphical user interface element which 
corresponds to a process running on said secured execution environment. 

12. (Previously presented) The method of claim 1, where if said secured execution 
environment is in a standard input mode, and a second portion of said user input corresponds 
to changes to a graphical user interface element displayed by a process running on said 
secured execution environment, said changes to said graphical user interface element are 
performed within said secured execution environment. 

13. (Original) The method of claim 12, where said changes to a graphical user 
interface element displayed by a process running on said secured execution environment 
comprise the movement of a mouse cursor over a graphical user interface element displayed 
by a process running on said secured execution environment. 

14. (Original) The method of claim 1, further comprising: 

switching said secured execution environment to a nexus input mode if a power 
management change is detected. 

15. (Currently Amended) A computer-readable medium containing computer 
executable instructions to maintain the security of a secured execution environment on a 
system comprising said secured execution environment and a second execution environment 
both on a single computing device, the computer-executable instructions to perform acts 
comprising: 

accepting at the second execution environment a flow of user input from a trusted 
input device; 

initially directing the accepted flow of user input from the second execution 

environment to the secured execution environment; 
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determining at the secured execution environment whether said secured execution 
environment is in a standard input mode; 

subsequently directing the initially directed flow of user input at the secured execution 
environment based on the input mode of the secured execution environment including if said 
secured execution environment is in a standard input mode, transferring at least a first portion 
of said user input to said second execution environment; 

determining at the secured execution environment from the initially directed flow of 
user input at such secured execution environment whether said user input comprises a user 
NIM indication that said secured execution environment should be in a nexus input mode; 
and 

if said user input comprises said user NIM indication and said secured execution 
environment is not in said nexus input mode, switching said secured execution environment 
to said nexus input mode, there being at least two ways to transition from said secured 
execution environment to said standard input mode at least one of which is not a symmetrical 
counterpart of said user NIM indication. 

16. (Original) The computer-readable medium of claim 15, wherein the computer- 
executable instructions are adapted to perform acts further comprising: 

decrypting said user input. 

17. (Original) The computer-readable medium of claim 15, wherein the computer- 
executable instructions are adapted to perform acts further comprising: 

if said secured execution environment is in a nexus input mode, determining a specific 
process running in said secured execution environment to which said user input is directed; 
and 

directing said user input to said specific process. 

18. (Canceled). 

19. (Previously presented) The computer-readable medium of claim 15, where 

said user NIM indication comprises a combination of keystrokes on a keyboard. 
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20. (Previously presented) The computer-readable medium of claim 15, where 
said user NIM indication comprises a programmatic activation of a process running in said 
secured execution environment. 

21 . (Original) The computer-readable medium of claim 20, where said 
programmatic activation of a first process running in said secured execution environment 
comprises selecting a graphical user interface element corresponding to said process. 

22. (Previously presented) The computer-readable medium of claim 21, where 
said graphical user interface element is a shadow graphical user interface element displayed 
using a second process, where said process is running on said second execution environment, 
and where said shadow graphical user interface element corresponds to a secured graphical 
user interface element displayed by said first process. 

23. (Original) The computer-readable medium of claim 15, wherein the computer- 
executable instructions are adapted to perform acts further comprising: 

determining whether said user input comprises a user SIM indication that said secured 
execution environment should be in said standard input mode; and 

if said user input comprises said user SIM indication and said secured execution 
environment is not in said standard input mode, switching said secured execution 
environment to said standard input mode. 

24. (Original) The computer-readable medium of claim 23, where said user SIM 
indication comprises a combination of keystrokes on a keyboard. 

25. (Original) The computer-readable medium of claim 23, where said user SIM 
indication comprises an action which results in a display with no graphical user interface 
element which corresponds to a process running on said secured execution environment. 
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26. (Original) The computer-readable medium of claim 15, where a if said secured 
execution environment is in a standard input mode, and a second portion of said user input 
corresponds to changes to a graphical user interface element displayed by a process running 
on said secured execution environment, said changes to said graphical user interface element 
are performed within said secured execution environment. 

27. (Original) The computer-readable medium of claim 26, where said changes to 
a graphical user interface element displayed by a process running on said secured execution 
environment comprise the movement of a mouse cursor over a graphical user interface 
element displayed by a process running on said secured execution environment. 

28. (Original) The computer-readable medium of claim 15, wherein the computer- 
executable instructions are adapted to perform acts further comprising: 

switching said secured execution environment to a nexus input mode if a power 
management change is detected. 

29. (Previously presented) A trusted user interface engine for use in a computer 
system comprising both a secured execution environment and a second execution 
environment on a single computing device, said trusted user interface engine comprising: 

an input stack at the second execution environment for accepting a flow of user input 
from a trusted input device; and 

a trusted input manager at the secured execution environment for receiving the 
accepted flow of user input from the input stack and determining at the secured execution 
environment whether said secured execution environment is in a standard input mode; and for 
subsequently directing at least a first portion of said user input to said second execution 
environment if said secured execution environment is in a standard input mode, 

whoro said the trusted input manager determines for determining at the secured 

execution environment from the received flow of user input at such secured execution 

environment whether said user input comprises a user NIM indication that said secured 

execution environment should be in a nexus input mode; and if said user input comprises said 

user NIM indication and said secured execution environment is not in said nexus input mode, 
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switching said secured execution environment to said nexus input mode, there being at least 
two ways to transition from said secured execution environment to said standard input mode 
at least one of which is not a symmetrical counterpart of said user NIM indication. 

30. (Original) The trusted user interface engine of claim 29, where said trusted 
input manager, if said secured execution environment is in a nexus input mode, determines a 
specific process running in said secured execution environment to which said user input is 
directed; and directs said user input to said specific process. 

31. (Canceled). 

32. (Previously presented) The trusted user interface engine of claim 29, where 
said user NIM indication comprises a combination of keystrokes on a keyboard. 

33. (Previously presented) The trusted user interface engine of claim 29, where 
said user NIM indication comprises a programmatic activation of a process running in said 
secured execution environment. 

34. (Original) The trusted user interface engine of claim 33, where said 
programmatic activation of a first process running in said secured execution environment 
comprises selecting a graphical user interface element corresponding to said process. 

35. (Original) The trusted user interface engine of claim 34, where said graphical 
user interface element is a shadow graphical user interface element displayed using a second 
process, where said process is running on said second execution environment, and where said 
shadow graphical user interface element corresponds to a secured graphical user interface 
element displayed by said first process. 

36. (Original) The trusted user interface engine of claim 29, where said trusted 

input manager determines whether said user input comprises a user SIM indication that said 

secured execution environment should be in said standard input mode; and if said user input 
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comprises said user SIM indication and said secured execution environment is not in said 
standard input mode, switches said secured execution environment to said standard input 
mode. 

37. (Original) The trusted user interface engine of claim 36, where said user SIM 
indication comprises a combination of keystrokes on a keyboard. 

38. (Original) The trusted user interface engine of claim 36, where said user SIM 
indication comprises an action which results in a display with no graphical user interface 
element which corresponds to a process running on said secured execution environment. 

39. (Original) The trusted user interface engine of claim 29, where a if said 
secured execution environment is in a standard input mode, and a second portion of said user 
input corresponds to changes to a graphical user interface element displayed by a process 
running on said secured execution environment, said changes to said graphical user interface 
element are performed within said secured execution environment. 

40. (Original) The trusted user interface engine of claim 39, where said changes to 
a graphical user interface element displayed by a process running on said secured execution 
environment comprise the movement of a mouse cursor over a graphical user interface 
element displayed by a process running on said secured execution environment. 

41 . (Original) The trusted user interface engine of claim 29, where said trusted 
input manager switches said secured execution environment to a nexus input mode if a power 
management change is detected. 

42-45 (Canceled) 



Page 9 of 13 



